skyzohkey / kanet Goto Github PK

What steps will reproduce the problem?
1. Followed network setup on wiki
2. followed config in wiki for ubuntu using cas for login
3. everything starts fine

What is the expected output? What do you see instead?

after logiing into CAS should be redirected to portal or internet

What version of the product are you using? On what operating system?
kanet_0.2-3_amd64_lucid.deb

Please provide any additional information below.

After successfully getting an IP, I open internet explorer and am immediatley 
redirected to our CAS login. After i login it redirects to
https://kanet ip/login_cas/?ticket=ST***********

after which says server is not respodning, unable to connect 

Please Help,

Jason

I'm trying to compile a debian package from sources (version 0.2.3)

Im get this error (Full log attached):

WebServers.vala:58.63-58.80: error: The name `data' does not exist in the 
context of `string'
WebServers.vala:62.63-62.80: error: The name `data' does not exist in the 
context of `string'
WebServers.vala:136.65-136.82: error: The name `data' does not exist in the 
context of `string?'
WebServers.vala:142.65-142.82: error: The name `data' does not exist in the 
context of `string?'
WebServers.vala:179.64-179.81: error: The name `data' does not exist in the 
context of `string?'
WebServers.vala:185.64-185.81: error: The name `data' does not exist in the 
context of `string?'
WebServers.vala:228.61-228.79: error: The name `data' does not exist in the 
context of `string?'
WebServers.vala:242.57-242.74: error: The name `data' does not exist in the 
context of `string?'
WebServers.vala:451.38-451.41: error: Argument 2: Cannot convert from `null' to 
`size_t'
WebServers.vala:458.73-458.78: error: Argument 3: Cannot convert from 
`uint8[]?' to `string'
WebServers.vala:605.23-605.26: warning: Argument 1: Cannot pass null to 
non-null parameter type

Does anybody ave an idea? 

I'm not really familiar with package building and vala but I would like to 
develop a new authentication mode for kanet (password-of-the-day mode)

Thanks for your help

I don't know how difficult it is but a session tracking based on the packets 
traffic (like WIFIDog) would help to make Kanet work on IPhones. No need to 
keep a window open.

It could be an option in the configuration file.

Thomas

What steps will reproduce the problem?
1. After the login page,we can't go on internet and we are redirected to the 
page that we have after the login (intranet of my school).


What is the expected output? What do you see instead?
The expected output is that we can navigate on the internet. 

What version of the product are you using? On what operating system?
I'm using KANET 0.2.3 on debian squeeze.

Please provide any additional information below.

My authentification type is "CAS" but in "Kanet.conf", the only type of 
authentification are "kanet-radiusclient" or "kanet-dummy". Is there an another 
type of authentification that i don't know?

Thanks in advance

PS : I'm french so i'm sorry for my english

Maybe it's already possible to make it but I'll expose my problem here :
ACLs system allows or deny acces to some websites, ports or address, but only 
for acces to WAN side.
I would like to make a whitelist from mac addresses of some users of our 
captive portal.

Kanet is a very good solution but this feature is the only missing for 
replacing PFSense...

I'm currently trying to make ie via a script which parses a macaddress list to 
add iptables rules.

Have the ability to specify Acl for a particular User.

What steps will reproduce the problem?
1.Lorsque je me connecte à mon CAS 
2.Au moment de recevoir le ticket pour le serveur kanet
3.

What is the expected output? What do you see instead?

Je suis sensé arriver sur la page "update.html" 
Mais au lieu de ça, j'ai une erreur proxy "the server could not handle the 
request 
/login_cas/

What version of the product are you using? On what operating system?

kanet_0.2-3_i386_lucid.deb sur un Ubuntu server

Please provide any additional information below.

J'arrive à joindre ce fichier si je commente les lignes "proxy" dans le 
fichier /etc/apache2/sites-availables/kanet, mais forcéement, ça ne sert à 
rien.

je démarre kanet en root

Et les logs ne m'aident pas trop.
Je joint mes fichier de site et kanet.conf

Merci d'avance pour votre aide

What steps will reproduce the problem?
1.install of kanet_0.2-3_i386_lucid.deb
2.kanet in debbug mode
3.start kanet from the command line

What is the expected output? What do you see instead?

when I start kanet from the command line, I've got this output (Attached in 
logKanet.txt)


What version of the product are you using? On what operating system?

kanet_0.2-3_i386_lucid.deb

Please provide any additional information below.

I double check the installation of the libraries, and my configuration of 
kanet.conf is pretty basic, I only change the ip's for my devices, kanet is 
configured in STANDALONE mode, I don't have any idea why is it failing.

Hello,

I like the design of kanet, well job !
But I think there is a small security issue : it seems that there is no DNS 
tunnel protection.

Some possible solutions I see :
- implement basic DNS resolution in kanet, for resolving captive portal, 
listening on a non standard UDP port (ex : 5353)
- add an iptable rule for non authenticated clients requesting UDP 53 to be 
redirected to kanet DNS server (port 5353)

Best regards,
G. Husson.

Have the possibility to DNAT user to different VLAN depending on an
attribute return when user is authenticated

Check mandatory field with different server mode.

bonjour à tous,

je suis en train de monter un portail captif à l'aide de "kanet" et d'une 
authentification CAS mais voila, je rencontre un problème (je ne serais pas la 
sinon me direz vous)

mon problème ::

Quand mon client veut aller sur le web il doit passer par mon portail et 
s'authentifier auprès de mon serveur CAS, jusque ici pas de problème. 
La ou le bas blesse c'est que une foi authentifier mon client devrai avoir 
(grâce au ticket délivré pas CAS) accéder au web mais cela ne fonctionne 
pas et je suis toujours redirigé sur le serveur web de kanet...

fichier /etc/apache2/sites-enable/kanet :

[code]
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/server.crt
        SSLCertificateKeyFile /etc/apache2/server.key
        SSLVerifyClient none
        SSLProxyEngine On

        Alias /www /usr/share/kanet/

        ProxyPreserveHost On
        ProxyRequests On
        ProxyPass / http://127.0.0.1:8181/ disablereuse=on retry=0 flushpackets=on
        ProxyPassReverse / http://127.0.0.1/
        ProxyTimeout 3

        <location />
                Allow From All
        </location>

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>

<VirtualHost *:8080>
        RewriteEngine ON
        RedirectMatch .* https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>
[/code]

fichier /etc/kanet/kanet.conf

[code]/*
        Configuration file for kanet
*/

{
        /*
                Server configuration
                SERVER_MODE="STANDALONE" (default) or "PROXY"
        */
        "SERVER_MODE" : "PROXY",
        "SERVER_URL" : "https://kanet.toto.fr",
        "SERVER_PORT" : "8181",
        "SERVER_IP" : "",
        "REDIRECT_SERVER_PORT" : "8080",
        "QUEUE_NUM" : "0",
        "SSL_CERT_FILE" : "/etc/kanet/ssl-kanet.crt",
        "SSL_KEY_FILE" : "/etc/kanet/ssl-kanet.key",
        "DEBUG" : "0",
        /*
                Persistent data,
                only sqlite is available.
        */
        "database" : "sqlite",
        "sqlite_connection_string" : "/var/lib/kanet/kanet.sqlite",
        "mysql_connection_string" : "Server=xxx; Port=3306; Database=xxx; uid=xxx; pwd=xxx;",
        /*
                Server behavior
        */
        "login_page" : "https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas/",
        "captive_portal_page" : "https://kanet.toto.fr/www/update.html,
        "cas_url" : "https://cas.toto.fr:8443/cas/",
        "www_path" : "/usr/share/kanet/",
        "module_path" : "/usr/lib",
        "auth_module_name" : "kanet-radiusclient",


        /*
                blacklist acls
                always rejected.
        */
        "KANET_ACL_TYPE_BLACKLIST": [
                { "address" : "127.0.0.1", "port" : 9090 },
                { "port" : 8089 }
        ],
        /*
                open acls
                always open
        */
        "KANET_ACL_TYPE_OPEN": [
                { "address" : "kanet.toto.fr" },
                { "address" : "cas.toto.fr", },
                { "address" : "kanet.toto.fr" }
        ],
        /*
                default acls
                open to authenticated users.
        */
        "KANET_ACL_TYPE_DEFAULT": [
                { "port" : 8043 },
                { "port" : 443 },
                { "port" : 80 },
                { "port" : 8080 },
                { "port" : 8443 }
        ],

        /* Admins : comma separated login list */
        "admins": "colin,colin@upvm",
        /*
                blacklist_part
        */
        "blacklist_users" : [
                { "login" : "colin", "message" : "hi foo ! you're login have been locked .." },
                { "login" : "johndoe", "message" : "hi john doe ! this account is locked .." }
        ],
        "default_blacklist_message" : "Your account have been locked",

        /*
                auto_blacklist_acl
                used to inform user they are probably infected, if a user try to join
                one of this address, the user is automatically blacklisted and the message
                display on is login window
        */
        "auto_blacklist_acls": [
                { "address" : "192.168.1.45", "message" : "You're account have been temporarily locked <br/> because you're probably infected by a virus" },
                { "port" : 45678, "message" : "You're account have been temporarily locked <br/> because you're probably infected by a virus" }
        ],
        /*
                quota, in bytes or seconds. 0 is unlimited.
        */
        "bytes_quota" : "0",
        "time_quota" : "0",
        /*
                message
                variables : $upbytes $downbytes $duration
        */
        "update_msg" : "Up : $upbytes, Down: $downbytes, Time: $duration",
        "over_quota_msg" : "Sorry you exceed your quota",
        "blacklist_msg" : "Sorry, you're account have been locked",
        "update_error_msg" : "An error occured during authentication process, please restart your browser",

}
[/code]

je tourne en rond depuis un moment et commence à désespérer... le pire c'est 
que je suis sur que c'est un petit truc qui me bloque et je ne voit pas du tout 
d'où cela peut venir

merci d'avance

It would be great to be able to write patterns in ACL configurations such as:

{ "port" : * },
{ "port" : 80* },
{ "address" : www.edu*.fr },

or port ranges such as:

{ "port" : 1024-1034 },

Usefull when Kanet is used for the captive portal and authentication process 
but when the firewalling job is done by another machine.